[kwlug-disc] OT: Hotmail/Yahoo account breakins
Rashkae
rashkae at tigershaunt.com
Thu Feb 28 15:31:37 EST 2013
On 02/28/2013 01:38 AM, Bob Jonkman wrote:
> I can tell it's an attack on Yahoo's servers, not a drive-by
> vulnerability on web browsers that access Yahoo's webmail site because
> one of the message I received was "from" a friend who passed away in
> 2011, so I *know* he wasn't using a vulnerable browser or a malware
> infested computer. The spam messages also list a number of addresses in
> the To: field from the victim's addressbook. Some of the addresses
> listed in the To: field from my friend were from unpublished accounts on
> a mail system we administered, so I'm pretty sure Yahoo's servers were
> compromised, giving the attackers access even to dormant accounts and
> their addressbooks.
>
> I've also been receiving a ton of messages where the name in the From:
> field is someone I know, but the e-mail address is something like
> qwertysplat at yahoo.com It seems that's a different spam engine, because
> those messages are an ordinary case of header spoofing, and not
> particularly well done.
>
> In both cases my spam filter catches them nicely, except when the
> message has been sent to a mailing list. At least two mailing lists I
> manage have been spammed this way, and the TLUG list too. Have any
> messages snuck through to the KWLUG list?
> And there doesn't seem to be anything in the online technical press,
> either. There's this:
> http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=10864681
> but I'm not sure it's the same thing or an older attack (the article is
> from 11 February). Also, a source in the article claims that attack is
> an XSS attack, but that doesn't explain how dead relatives could be
> affected.
>
> "Telecom have explained, I guess that it's a compromise of the Yahoo
> database...and the data appears to have been stolen."
>
Thank you.. This was where my gut was leading me, but without a Press
release or announcement from yahoo that "By the way, all your accounts
belong to someone else." I was hoping there would be some collaborative
evidence. This is a serious breach on the part of Yahoo. Not only that
the breach has somehow happened, but the complete silence puts lots of
people at risk.
More information about the kwlug-disc
mailing list